Security & Assurance
Trust Center
Posture at a glance
SOC 2 TYPE I · IN PROGRESS
EVIDENCE CHAIN · SHA-256 HASH-CHAINED, ED25519 HSM-SIGNED
ARCHITECTURE · FIPS 140-2 L3 SIGNING PATH, FAIL-CLOSED ENFORCEMENT
WEBSITE · NO COOKIES, NO TRACKERS
EVIDENCE CHAIN · SHA-256 HASH-CHAINED, ED25519 HSM-SIGNED
ARCHITECTURE · FIPS 140-2 L3 SIGNING PATH, FAIL-CLOSED ENFORCEMENT
WEBSITE · NO COOKIES, NO TRACKERS
Architecture commitments
- Fail closed. If the checkpoint is unreachable, governed actions are refused — never silently allowed. The gateway ships with no fail-open mode enabled.
- Evidence before execution. Every governed action is evaluated, signed, and chained before it runs. Signature completeness is enforced at the database layer, not just in application code.
- Independent verifiability. Any decision record can be verified against the public verification surface without platform credentials.
- Named accountability. Every decision resolves to a named human chain — operator, policy owner, escalation authority.
- Kill-switch discipline. Global and per-agent halt with MFA, full audit trail, and deliberate restore.
Compliance roadmap
SOC 2 Type I attestation is in progress with Type II to follow. Framework mappings for the EU AI Act and NIST AI RMF ship as policy templates inside the platform. Security documentation, architecture diagrams, and penetration-test summaries are available to qualified prospects under NDA.
Report a vulnerability
Write to info@sansarai.ai with subject "Security disclosure". Good-faith research is appreciated and will be acknowledged within two business days.